From 1cb6f8590e305883ed4e10e2abfe8b37bd35530a Mon Sep 17 00:00:00 2001 
From: Natanel Mor <67547443+chkp-natanelm@users.noreply.github.com> Date: Mon, 30 Sep 2024 15:55:59 +0300 Subject: [PATCH] Align Azure and GCP --- azure/templates/README.MD | 2 +- .../createUiDefinition.json | 6 +++--- .../marketplace-ha/createUiDefinition.json | 6 +++--- .../marketplace-management/createUiDefinition.json | 4 ++-- .../marketplace-mds/createUiDefinition.json | 2 +- .../createUiDefinition.json | 4 ++-- .../marketplace-single-waap/mainTemplate.json | 7 ++----- .../marketplace-vmss-waap/createUiDefinition.json | 4 ++-- .../marketplace-vmss-waap/mainTemplate.json | 5 ++--- .../marketplace-vmss/createUiDefinition.json | 2 +- azure/templates/vwan-managed-app/README.md | 4 ++-- .../azure/vmss-new-vnet-with-peer/terraform.tfvars | 4 ++-- .../R8040-R81/ha-r8040-r81/mainTemplate.json | 6 +++--- .../R8040-R81/mds-r8040-r81/mainTemplate.json | 4 ++-- .../R8040-R81/mgmt-r840-r81/mainTemplate.json | 4 ++-- .../R8040-R81/single-r8040-r81/mainTemplate.json | 4 ++-- .../R8040-R81/vmss-r8040-r81/mainTemplate.json | 2 +- .../stack-ha-r8040-r81/mainTemplate.json | 2 +- .../stack-management-r8040-r81/mainTemplate.json | 2 +- .../stack-single-r8040-r81/mainTemplate.json | 2 +- .../high-availability-existing-vnet/README.md | 4 +++- .../azure/high-availability-new-vnet/README.md | 2 ++ terraform/azure/management-existing-vnet/README.md | 2 ++ terraform/azure/management-new-vnet/README.md | 2 ++ terraform/azure/mds-existing-vnet/README.md | 2 ++ terraform/azure/mds-new-vnet/README.md | 2 ++ terraform/azure/nva-into-existing-hub/README.md | 5 +++-- terraform/azure/nva-into-new-vwan/README.md | 5 +++-- .../azure/single-gateway-existing-vnet/README.md | 2 ++ terraform/azure/vmss-existing-vnet/README.md | 14 ++++++++------ .../azure/vmss-existing-vnet/terraform.tfvars | 3 ++- terraform/azure/vmss-existing-vnet/variables.tf | 10 +++++++++- terraform/azure/vmss-new-vnet/README.md | 2 ++ .../gcp/autoscale-into-existing-vpc/README.md | 2 +- 
terraform/gcp/high-availability/variables.tf | 2 +- terraform/gcp/single-into-existing-vpc/locals.tf | 5 +++-- .../gcp/single-into-existing-vpc/variables.tf | 2 +- terraform/gcp/single-into-new-vpc/README.md | 1 - terraform/gcp/single-into-new-vpc/variables.tf | 2 +- 39 files changed, 85 insertions(+), 60 deletions(-) diff --git a/azure/templates/README.MD b/azure/templates/README.MD index e5ef10fb..522ac7cb 100644 --- a/azure/templates/README.MD +++ b/azure/templates/README.MD @@ -66,4 +66,4 @@ To deploy a specific Azure image, adjust the image version during the manual dep template_name: management template_version: 20231002 template_type: marketplace - + \ No newline at end of file diff --git a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json index 1de1c662..54fd25cc 100644 --- a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json +++ b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json @@ -1120,7 +1120,7 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", @@ -1508,9 +1508,9 @@ "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", - "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]" } } -} +} \ No newline at end of file diff --git a/azure/templates/marketplace-ha/createUiDefinition.json b/azure/templates/marketplace-ha/createUiDefinition.json index c770250c..886f864a 100644 
--- a/azure/templates/marketplace-ha/createUiDefinition.json
+++ b/azure/templates/marketplace-ha/createUiDefinition.json
@@ -836,7 +836,7 @@
 }
 },
 {
- "visible": "[bool(basics('auth').sshPublicKey)]",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
@@ -946,7 +946,7 @@
 "label": "Availability options",
 "defaultValue": "Availability Set",
 "toolTip": "Use replicated Cluster VMs in Availability Set or Availability Zones. Note that the load balancers and their IP addresses will be zone redundant in any case.",
- "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth \\ ', concat(' ', location(), ' '))]",
+ "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]",
 "constraints": {
 "allowedValues": [
 {
@@ -1640,7 +1640,7 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
 "VipsNumber": "[int(steps('network').Vips_Number)]",
 "VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]",
 "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
diff --git a/azure/templates/marketplace-management/createUiDefinition.json b/azure/templates/marketplace-management/createUiDefinition.json
index 7e945af8..fdb719a2 100644
--- a/azure/templates/marketplace-management/createUiDefinition.json
+++ b/azure/templates/marketplace-management/createUiDefinition.json
@@ -422,7 +422,7 @@
 }
 ]
 }
- },
+ },
 {
 "name": "enableApi",
 "type": "Microsoft.Common.DropDown",
@@ -694,7 +694,7 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
 "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
 "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
 }
diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json
index de11e136..ad06592d 100644
--- a/azure/templates/marketplace-mds/createUiDefinition.json
+++ b/azure/templates/marketplace-mds/createUiDefinition.json
@@ -629,7 +629,7 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
 "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
 "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
 }
diff --git a/azure/templates/marketplace-single-waap/createUiDefinition.json b/azure/templates/marketplace-single-waap/createUiDefinition.json
index 42e2ebff..3ebd285b 100755
--- a/azure/templates/marketplace-single-waap/createUiDefinition.json
+++ b/azure/templates/marketplace-single-waap/createUiDefinition.json
@@ -67,8 +67,8 @@
 "toolTip": "Token can be obtained by logging in to [https://portal.checkpoint.com/](https://portal.checkpoint.com/) –> INFINITY POLICY -> CLOUD -> Profiles",
 "constraints": {
 "required": true,
- "regex": "^cp-(([a-z0-9A-Z-]{72,72})|([a-z0-9A-Z-]{75,75}))$",
- "validationMessage": "Token should begin with 'cp-' and must be 75 or 78 characters long"
+ "regex": "^cp-[a-z0-9A-Z-]{72,72}$",
+ "validationMessage": "Token should begin with 'cp-' and must be 75 characters long"
 },
 "options": {
 "hideConfirmation": false
diff --git a/azure/templates/marketplace-single-waap/mainTemplate.json b/azure/templates/marketplace-single-waap/mainTemplate.json
index d7704b90..1d4f4b84 100755
--- a/azure/templates/marketplace-single-waap/mainTemplate.json
+++ b/azure/templates/marketplace-single-waap/mainTemplate.json
@@ -50,7 +50,7 @@
 "waapAgentToken": {
 "type": "securestring",
 "minLength": 75,
- "maxLength": 78,
+ "maxLength": 75,
 "metadata": {
 "description": "Infinity Next Agent Token"
 }
@@ -203,7 +203,7 @@
 },
 "variables": {
 "templateName": "checkpoint_waap",
- "templateVersion": "20211028",
+ "templateVersion": "20210922",
 "location": "[parameters('location')]",
 "osVersion": "R8040",
 "installationType": "waap",
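Review bot: The `waapAgentToken` constraint in marketplace-single-waap/createUiDefinition.json now rejects the 78-character tokens that the previous pattern accepted, and nothing in the commit message says that form is retired. The same narrowing is applied in marketplace-vmss-waap/createUiDefinition.json and to `maxLength` in both WAAP mainTemplate.json files, so a deployer holding a longer token would be blocked in the UI and again at template validation. If the restriction is intended, record the reason in the changelog; as a style point the quantifier can be written `^cp-[a-z0-9A-Z-]{72}$`.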
@@ -282,9 +282,6 @@
 {
 "type": "Microsoft.Storage/storageAccounts",
 "name": "[variables('storageAccountName')]",
- "properties": {
- "minimalTlsVersion": "TLS1_2"
- },
 "apiVersion": "2021-04-01",
 "location": "[variables('location')]",
 "sku": {
diff --git a/azure/templates/marketplace-vmss-waap/createUiDefinition.json b/azure/templates/marketplace-vmss-waap/createUiDefinition.json
index 51c05e9c..2ca24a11 100755
--- a/azure/templates/marketplace-vmss-waap/createUiDefinition.json
+++ b/azure/templates/marketplace-vmss-waap/createUiDefinition.json
@@ -67,8 +67,8 @@
 "toolTip": "Token can be obtained by logging in to [https://portal.checkpoint.com/](https://portal.checkpoint.com/) –> INFINITY POLICY -> CLOUD -> Profiles",
 "constraints": {
 "required": true,
- "regex": "^cp-(([a-z0-9A-Z-]{72,72})|([a-z0-9A-Z-]{75,75}))$",
- "validationMessage": "Token should begin with 'cp-' and must be 75 or 78 characters long"
+ "regex": "^cp-[a-z0-9A-Z-]{72,72}$",
+ "validationMessage": "Token should begin with 'cp-' and must be 75 characters long"
 },
 "options": {
 "hideConfirmation": false
diff --git a/azure/templates/marketplace-vmss-waap/mainTemplate.json b/azure/templates/marketplace-vmss-waap/mainTemplate.json
index 0b921194..df1bc1cf 100755
--- a/azure/templates/marketplace-vmss-waap/mainTemplate.json
+++ b/azure/templates/marketplace-vmss-waap/mainTemplate.json
@@ -51,7 +51,7 @@
 "waapAgentToken": {
 "type": "securestring",
 "minLength": 75,
- "maxLength": 78,
+ "maxLength": 75,
 "metadata": {
 "description": "Infinity Next Agent Token"
 }
@@ -73,7 +73,6 @@
 "availabilityZonesNum": {
 "type": "int",
 "allowedValues": [
- 0,
 1,
 2,
 3
@@ -388,7 +387,7 @@
 },
 "variables": {
 "templateName": "waap_vmss",
- "templateVersion": "20211028",
+ "templateVersion": "20210922",
 "location": "[parameters('location')]",
 "osVersion": "R8040",
 "isBlink": true,
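Review bot: The storage account resource in marketplace-single-waap/mainTemplate.json (hunk at -282) is left with no TLS floor once the `properties` block is dropped, so the account takes whatever minimum the platform applies by default. The removed key was spelled `minimalTlsVersion`, whereas the ARM storage schema names it `minimumTlsVersion`, so the old setting may never have taken effect either. Rather than deleting the block, keep it with the schema's spelling: `"properties": { "minimumTlsVersion": "TLS1_2" },`. The resource body continues past the end of the hunk, so confirm no other `properties` object is defined further down before adding it back.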
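Review bot: Dropping `0` from `allowedValues` of `availabilityZonesNum` in marketplace-vmss-waap/mainTemplate.json (hunk at -73) makes every deployment that passes 0 fail template validation. The parameter's `defaultValue` and the createUiDefinition output that feeds it are outside this hunk; if either still yields 0 for regions without availability zones, scale sets can no longer be deployed there. Please confirm both now produce 1 to 3 only, or keep `0,` in the list.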
diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json
index 0f2cf56a..cf04efcd 100644
--- a/azure/templates/marketplace-vmss/createUiDefinition.json
+++ b/azure/templates/marketplace-vmss/createUiDefinition.json
@@ -1744,7 +1744,7 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
 "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
 "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
 }
diff --git a/azure/templates/vwan-managed-app/README.md b/azure/templates/vwan-managed-app/README.md
index 085e0620..293238e2 100644
--- a/azure/templates/vwan-managed-app/README.md
+++ b/azure/templates/vwan-managed-app/README.md
@@ -64,8 +64,8 @@ https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft
 }
 ],
 "availableVersions": [
- "8110.900335.1435",
- "8120.900631.1433",
+ "8110.900335.1522",
+ "8120.900631.1522",
 "latest"
 ],
 "marketPlaceLink": "https://aka.ms/Checkpointmarketplace",
diff --git a/contrib/terraform/azure/vmss-new-vnet-with-peer/terraform.tfvars b/contrib/terraform/azure/vmss-new-vnet-with-peer/terraform.tfvars
index 8fda9c83..81133f6f 100755
--- a/contrib/terraform/azure/vmss-new-vnet-with-peer/terraform.tfvars
+++ b/contrib/terraform/azure/vmss-new-vnet-with-peer/terraform.tfvars
@@ -25,5 +25,5 @@ configuration_template_name = "PLEASE ENTER CONFIGURATION TEMPLATE NAME"
 notification_email = "PLEASE ENTER NOTIFICATION MAIL OR LEAVE EMPTY DOUBLE QUOTES" # "name@company.com"
 frontend_load_distribution = "PLEASE ENTER EXTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
 backend_load_distribution = "PLEASE ENTER INTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
-mgmt_vnet_name = "PLEASE ENTER MANAGEMENT VIRTUAL NETWORK NAME" # "mgmt-vnet"
-mgmt_resource_group_name = "PLEASE ENTER MANAGEMENT RESOURCE GROUP NAME" # "management"
+mgmt_vnet_name = "PLEASE ENTER MANAGEMENT VIRTUAL NETWORK NAME" # "mgmt-vnet"
+mgmt_resource_group_name = "PLEASE ENTER MANAGEMENT RESOURCE GROUP NAME" # "management"
diff --git a/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json
index 59952e87..b281ecef 100644
--- a/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json
+++ b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json
@@ -17,7 +17,7 @@
 "R80.40 - Pay As You Go (NGTX)",
 "R81 - Bring Your Own License",
 "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
+ "R81 - Pay As You Go (NGTX)"
 ],
 "defaultValue": "R81 - Bring Your Own License",
 "metadata": {
@@ -361,7 +361,7 @@
 "R80.40 - Pay As You Go (NGTX)": "NGTX",
 "R81 - Bring Your Own License": "BYOL",
 "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
+ "R81 - Pay As You Go (NGTX)": "NGTX"
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
@@ -370,7 +370,7 @@
 "R80.40 - Pay As You Go (NGTX)": "R8040",
 "R81 - Bring Your Own License": "R81",
 "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
+ "R81 - Pay As You Go (NGTX)": "R81"
 },
 "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]",
 "SerialConsoleGeographies": {
diff --git a/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json
index c9800935..fc8ce67a 100644
--- a/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json
+++ b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json
@@ -13,9 +13,9 @@
 "type": "string",
 "allowedValues": [
 "R80.40 - Bring Your Own License",
- "R81 - Bring Your Own License",
+ "R81 - Bring Your Own License"
 ],
- "defaultValue": "R81.20 - Bring Your Own License",
+ "defaultValue": "R81 - Bring Your Own License",
 "metadata": {
 "description": "Version of Check Point CloudGuard"
 }
diff --git a/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json
index 44f62298..72ecc81c 100644
--- a/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json
+++ b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json
@@ -17,7 +17,7 @@
 "R81 - Bring Your Own License",
 "R81 - Pay As You Go (MGMT25)"
 ],
- "defaultValue": "R81.20 - Bring Your Own License",
+ "defaultValue": "R81 - Bring Your Own License",
 "metadata": {
 "description": "Version of Check Point CloudGuard"
 }
@@ -319,7 +319,7 @@
 "storageAccountType": "Standard_LRS",
 "diskSize100GB": 100,
 "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
- "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', parameters('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'enableApi=\"', parameters('enableApi'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]",
+ "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', parameters('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]",
 "customData64": "[base64(variables('customData'))]",
 "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
 "imagePublisher": "checkpoint",
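Review bot: The new `customData` value in mgmt-r840-r81/mainTemplate.json no longer emits the `enableApi=` line, so `parameters('enableApi')` never reaches `/etc/cloud_config.py` and the deployer's management-API access choice is presumably replaced by the image default. The vmss-r8040-r81/mainTemplate.json hunk at -561 has the same problem with `MaintenanceModePassword=`: `parameters('MaintenanceModePasswordHash')` is dropped, so the maintenance-mode password the deployer supplied would not be applied to scale-set instances. If both parameters are still declared (their declarations are outside these hunks), either restore the entries, e.g. `'enableApi=\"', parameters('enableApi'), '\"', '\n',` before `adminShell`, or remove the parameters and their UI fields so operators are not told a control is active when it is not.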
diff --git a/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json
index 911b8572..95563c19 100644
--- a/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json
+++ b/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json
@@ -24,9 +24,9 @@
 "R80.40 - Pay As You Go (NGTX)",
 "R81 - Bring Your Own License",
 "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
+ "R81 - Pay As You Go (NGTX)"
 ],
- "defaultValue": "R81.20 - Bring Your Own License",
+ "defaultValue": "R81 - Bring Your Own License",
 "metadata": {
 "description": "Version of Check Point CloudGuard"
 }
diff --git a/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json
index b343976c..4a0efc1f 100644
--- a/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json
+++ b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json
@@ -561,7 +561,7 @@ "additionalDiskSizeGB": "[if(contains('R8040 R81', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]", "enableFloatingIP": "[equals(parameters('floatingIP'), 'yes')]", - "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", "imageOffer": "[concat('check-point-cg-', 
toLower(variables('osVersion')))]", "imagePublisher": "checkpoint", "imageReferenceBYOL": { diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json index 0847143c..c776a882 100644 --- a/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json +++ b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json @@ -17,7 +17,7 @@ "R80.40 - Pay As You Go (NGTX)", "R81 - Bring Your Own License", "R81 - Pay As You Go (NGTP)", - "R81 - Pay As You Go (NGTX)", + "R81 - Pay As You Go (NGTX)" ], "defaultValue": "R81 - Bring Your Own License", "metadata": { diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json index d2e59edb..bbee571d 100644 --- a/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json +++ b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json @@ -15,7 +15,7 @@ "R80.40 - Bring Your Own License", "R80.40 - Pay As You Go (MGMT25)", "R81 - Bring Your Own License", - "R81 - Pay As You Go (MGMT25)", + "R81 - Pay As You Go (MGMT25)" ], "defaultValue": "R81 - Bring Your Own License", "metadata": { diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json index 50422c53..a6d5f888 100644 --- a/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json +++ b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json 
@@ -17,7 +17,7 @@ "R80.40 - Pay As You Go (NGTX)", "R81 - Bring Your Own License", "R81 - Pay As You Go (NGTP)", - "R81 - Pay As You Go (NGTX)", + "R81 - Pay As You Go (NGTX)" ], "defaultValue": "R81 - Bring Your Own License", "metadata": { diff --git a/terraform/azure/high-availability-existing-vnet/README.md b/terraform/azure/high-availability-existing-vnet/README.md index 666aec67..2aa7468d 100755 --- a/terraform/azure/high-availability-existing-vnet/README.md +++ b/terraform/azure/high-availability-existing-vnet/README.md @@ -215,7 +215,9 @@ availability_type = "Availability Zone" In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) | Template Version | Description | -| ---------------- | ------------- | +| ---------------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Updated managed identity permissions
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20230212 | - Added Smart-1 Cloud support | diff --git a/terraform/azure/high-availability-new-vnet/README.md b/terraform/azure/high-availability-new-vnet/README.md index 2218fd5a..15bfa197 100755 --- a/terraform/azure/high-availability-new-vnet/README.md +++ b/terraform/azure/high-availability-new-vnet/README.md @@ -215,6 +215,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | | ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Updated managed identity permissions
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20230212 | - Added Smart-1 Cloud support | diff --git a/terraform/azure/management-existing-vnet/README.md b/terraform/azure/management-existing-vnet/README.md index e2877075..41c772e4 100755 --- a/terraform/azure/management-existing-vnet/README.md +++ b/terraform/azure/management-existing-vnet/README.md @@ -168,6 +168,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | | ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20221124 | - Added R81.20 support
- Upgraded azurerm provider | diff --git a/terraform/azure/management-new-vnet/README.md b/terraform/azure/management-new-vnet/README.md index 8851e3d6..bd14ac2d 100755 --- a/terraform/azure/management-new-vnet/README.md +++ b/terraform/azure/management-new-vnet/README.md @@ -166,6 +166,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | | ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20221124 | - Added R81.20 support
- Upgraded azurerm provider | diff --git a/terraform/azure/mds-existing-vnet/README.md b/terraform/azure/mds-existing-vnet/README.md index f83a56e8..6980d7cc 100755 --- a/terraform/azure/mds-existing-vnet/README.md +++ b/terraform/azure/mds-existing-vnet/README.md @@ -182,6 +182,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | |------------------|---------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20230629 | First release of Check Point CloudGuard Network Security MDS Terraform deployment for Azure | diff --git a/terraform/azure/mds-new-vnet/README.md b/terraform/azure/mds-new-vnet/README.md index cb782964..8b3afc49 100755 --- a/terraform/azure/mds-new-vnet/README.md +++ b/terraform/azure/mds-new-vnet/README.md @@ -175,6 +175,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | |------------------|---------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20230629 | First release of Check Point CloudGuard Network Security MDS Terraform deployment for Azure | diff --git a/terraform/azure/nva-into-existing-hub/README.md b/terraform/azure/nva-into-existing-hub/README.md index 253cce89..a2765298 100644 --- a/terraform/azure/nva-into-existing-hub/README.md +++ b/terraform/azure/nva-into-existing-hub/README.md @@ -1,6 +1,6 @@ # Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure -This Terraform module deploys Check Point CloudGuard Network Security vWAN NVA solution into an existing vWAN Hub in Azure. +This Terraform module deploys Check Point CloudGuard Network Security Virtual WAN NVA solution into an existing vWAN Hub in Azure. As part of the deployment the following resources are created: - Resource groups - Azure Managed Application: @@ -77,7 +77,7 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https | | | | | | | **vwan-hub-name** | The name of the virtual WAN hub that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a | | | | | | | - | **vwan-hub-resource-group** | The vWAN hub resource group name | string | | n/a | + | **vwan-hub-resource-group** | The virtual WAN hub resource group name | string | | n/a | | | | | | | | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | "tf-vwan-managed-app-nva" | | | | | | | 
@@ -161,6 +161,7 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | |------------------|-------------------| +| 20240613 | Cosmetic fixes & default values | | 20240228 | Added public IP for ingress support | | | | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | diff --git a/terraform/azure/nva-into-new-vwan/README.md b/terraform/azure/nva-into-new-vwan/README.md index c7f06c09..17fa1ffe 100644 --- a/terraform/azure/nva-into-new-vwan/README.md +++ b/terraform/azure/nva-into-new-vwan/README.md @@ -1,6 +1,6 @@ # Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure -This Terraform module deploys Check Point CloudGuard Network Security vWAN NVA solution into a new vWAN Hub in Azure. +This Terraform module deploys Check Point CloudGuard Network Security Virtual WAN NVA solution into a new vWAN Hub in Azure. As part of the deployment the following resources are created: - Resource groups - Virtual WAN @@ -170,7 +170,8 @@ please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) | Template Version | Description | -|------------------|---------------------------------------------------------------------------------------------------| +|------------------|-----------------------------------------------------------------------------------------------| +| 20240613 | Cosmetic fixes & default values | | 20240228 | Added public IP for ingress support | | | | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | | 
diff --git a/terraform/azure/single-gateway-existing-vnet/README.md b/terraform/azure/single-gateway-existing-vnet/README.md index feebb542..b49b1886 100755 --- a/terraform/azure/single-gateway-existing-vnet/README.md +++ b/terraform/azure/single-gateway-existing-vnet/README.md @@ -185,6 +185,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | |------------------|---------------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added accelerated networking to SGW Terraform templates
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20230629 | First release of Check Point CloudGuard Network Security Single GW Terraform deployment for Azure | diff --git a/terraform/azure/vmss-existing-vnet/README.md b/terraform/azure/vmss-existing-vnet/README.md index f0602c30..73b83eb3 100755 --- a/terraform/azure/vmss-existing-vnet/README.md +++ b/terraform/azure/vmss-existing-vnet/README.md @@ -72,7 +72,7 @@ This solution uses the following modules: ### terraform.tfvars variables: | Name | Description | Type | Allowed values | Default | - | ------------- | ------------- | ------------- | ------------- | ------------- | + | ------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- | ------------- | | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a | | | | | | | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a 
@@ -97,7 +97,7 @@ This solution uses the following modules: | | | | | | | **backend_subnet_name** | Specifies the name of the internal subnet | string | The exact name of the existing internal subnet | n/a | | | | | | - | **backend_lb_IP_address** | Is a whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix| string | Starting from 5-th IP address in a subnet. For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4 , the LB IP is 10.0.1.4 | n/a + | **backend_lb_IP_address** | Is a whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix | string | Starting from 5-th IP address in a subnet. For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4 , the LB IP is 10.0.1.4 | n/a | | | | | | | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a | | | | | | @@ -151,6 +151,8 @@ This solution uses the following modules: | | | | | | | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false | | | | | | | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] @@ -200,7 +202,8 @@ enable_custom_metrics = true deployment_mode = "Standard" admin_shell = "/etc/cli.sh" serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" add_storage_account_ip_rules = false storage_account_additional_ips = [] @@ -212,15 +215,14 @@ enable_custom_metrics = true ## Known limitations -1. Deploy the VMSS with External load balancer only (Inbound inspection only) is not supported -2. Deploy the VMSS with Internal load balancer only (Outbound and E-W inspection only) is not supported - ## Revision History In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) | Template Version | Description | | ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated diskSizeGB
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20221124 | - Added R81.20 support
- Upgraded azurerm provider | diff --git a/terraform/azure/vmss-existing-vnet/terraform.tfvars b/terraform/azure/vmss-existing-vnet/terraform.tfvars index 399ffeef..66836af3 100755 --- a/terraform/azure/vmss-existing-vnet/terraform.tfvars +++ b/terraform/azure/vmss-existing-vnet/terraform.tfvars @@ -39,4 +39,5 @@ admin_shell = "PLEASE ENTER ADMIN SHELL" serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" add_storage_account_ip_rules = "PLEASE ENTER true or false" # false -storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # [] \ No newline at end of file +storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # [] +nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # "" \ No newline at end of file diff --git a/terraform/azure/vmss-existing-vnet/variables.tf b/terraform/azure/vmss-existing-vnet/variables.tf index aa405627..1ad5bb46 100755 --- a/terraform/azure/vmss-existing-vnet/variables.tf +++ b/terraform/azure/vmss-existing-vnet/variables.tf @@ -242,7 +242,10 @@ variable "storage_account_additional_ips" { type = list(string) description = "IPs/CIDRs that are allowed access to the Storage Account" default = [] -}//********************* Load Balancers Variables **********************// +} + +//********************* Load Balancers Variables **********************// + variable "deployment_mode" { description = "The type of the deployment, can be 'Standard' for both load balancers or 'External' for external load balancer or 'Internal for internal load balancer" type = string @@ -392,3 +395,8 @@ variable "enable_floating_ip" { type = bool default = false } + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} 
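Review bot: The new `nsg_id` variable at the end of vmss-existing-vnet/variables.tf is declared without a `type` and without validation. Any value is therefore accepted at plan time, including the `"PLEASE ENTER NETWORK SECURITY GROUP ID"` placeholder this commit adds to terraform.tfvars, and a bad value would presumably surface only when the provider tries to resolve it. I would add `type = string` and a validation that accepts either the empty string or a full NSG resource ID, as sketched below. The README row says a default NSG is created only when the value is empty, so the description should also state that with a supplied ID the inbound rules on the scale set's subnet are entirely those of the caller's NSG. How `nsg_id` is consumed is outside this hunk, so that last part is inferred.

```hcl
variable "nsg_id" {
  description = "Optional resource ID of an existing Network Security Group; if empty, a default NSG is created. A supplied NSG is used as-is, so its rules must already restrict inbound access as intended."
  type        = string
  default     = ""

  validation {
    condition     = var.nsg_id == "" || can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft[.]Network/networkSecurityGroups/[^/]+$", var.nsg_id))
    error_message = "The nsg_id value must be empty or a full Network Security Group resource ID."
  }
}
```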
diff --git a/terraform/azure/vmss-new-vnet/README.md b/terraform/azure/vmss-new-vnet/README.md index 06f786e7..71857101 100755 --- a/terraform/azure/vmss-new-vnet/README.md +++ b/terraform/azure/vmss-new-vnet/README.md @@ -221,6 +221,8 @@ In order to check the template version refer to the [sk116585](https://supportce | Template Version | Description | | ---------------- | --------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated diskSizeGB
- Added validation for os_version & os_offer | +| | | | | 20230910 | - R81.20 is the default version | | | | | | 20221124 | - Added R81.20 support
- Upgraded azurerm provider | diff --git a/terraform/gcp/autoscale-into-existing-vpc/README.md b/terraform/gcp/autoscale-into-existing-vpc/README.md index 2ce564df..45abf434 100755 --- a/terraform/gcp/autoscale-into-existing-vpc/README.md +++ b/terraform/gcp/autoscale-into-existing-vpc/README.md @@ -199,7 +199,6 @@ Please leave empty list for a protocol if you want to disable traffic for it. | enable_monitoring | Enable Stackdriver monitoring | bool | true/false | false | no | - ## Outputs | Name | Description | | ------------- | ------------- | @@ -215,6 +214,7 @@ Please leave empty list for a protocol if you want to disable traffic for it. | SCTP_firewall_rules_name | If enable - the SCTP firewall rules name, otherwise, an empty list. | | ESP_firewall_rules_name | If enable - the ESP firewall rules name, otherwise, an empty list. | + ## Revision History In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) diff --git a/terraform/gcp/high-availability/variables.tf b/terraform/gcp/high-availability/variables.tf index 72f4e916..114c8608 100755 --- a/terraform/gcp/high-availability/variables.tf +++ b/terraform/gcp/high-availability/variables.tf @@ -32,6 +32,7 @@ variable "os_version" { description = "GAIA OS version" default = "R8120" } + # --- Instances Configuration --- data "google_compute_regions" "available_regions" { } @@ -129,7 +130,6 @@ resource "null_resource" "validate_both_tokens" { resource "null_resource" "validate_different_tokens" { count = var.smart_1_cloud_token_a != "" && var.smart_1_cloud_token_a == var.smart_1_cloud_token_b ? "To connect to Smart-1 Cloud, you must provide two different tokens" : 0 } - # --- Networking --- variable "cluster_network_cidr" { type = string diff --git a/terraform/gcp/single-into-existing-vpc/locals.tf b/terraform/gcp/single-into-existing-vpc/locals.tf index 3bfa4737..78145861 100755 
--- a/terraform/gcp/single-into-existing-vpc/locals.tf +++ b/terraform/gcp/single-into-existing-vpc/locals.tf @@ -58,6 +58,7 @@ locals { // Will fail if management_only and payg is_management_only = var.installationType == "Management only" is_license_payg = var.license == "PAYG" - validation_massage = "Cannot use 'Management only' installation type with 'Payg' license." - _= regex("^$",local.is_management_only && local.is_license_payg ? local.validation_massage : "") + validation_message = "Cannot use 'Management only' installation type with 'PAYG' license." + _= regex("^$",local.is_management_only && local.is_license_payg ? local.validation_message : "") + } \ No newline at end of file diff --git a/terraform/gcp/single-into-existing-vpc/variables.tf b/terraform/gcp/single-into-existing-vpc/variables.tf index 196e4678..ef107746 100755 --- a/terraform/gcp/single-into-existing-vpc/variables.tf +++ b/terraform/gcp/single-into-existing-vpc/variables.tf @@ -15,7 +15,7 @@ variable "zone" { } variable "image_name" { type = string - description = "The single gateway and management image name" + description = "The single gateway and management image name. You can choose the desired image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py" } variable "os_version" { type = string diff --git a/terraform/gcp/single-into-new-vpc/README.md b/terraform/gcp/single-into-new-vpc/README.md index 62e0b19f..59db07be 100644 --- a/terraform/gcp/single-into-new-vpc/README.md +++ b/terraform/gcp/single-into-new-vpc/README.md @@ -265,7 +265,6 @@ In order to check the template version refer to the [sk116585](https://supportce | 20230921 | Added single-into-new-vpc template. | | | | - ## Authors diff --git a/terraform/gcp/single-into-new-vpc/variables.tf b/terraform/gcp/single-into-new-vpc/variables.tf index 6a40d8e8..eb6e7120 100644 --- a/terraform/gcp/single-into-new-vpc/variables.tf 
+++ b/terraform/gcp/single-into-new-vpc/variables.tf @@ -19,7 +19,7 @@ variable "zone" { } variable "image_name" { type = string - description = "The single gateway and management image name" + description = "The single gateway and management image name. You can choose the desired image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py" } variable "os_version" { type = string